Privacy Policy

This Privacy Policy covers Iterable, Inc.’s (“Iterable”, “us”, or “we”) treatment of Personally Identifiable Information (“PII”) and how it may be gathered on the website located at https://iterable.com, any other applications and features (collectively, the “Site”), through the use of the services (the “Services”) and any PII customers and business partners share with Iterable. These privacy practices apply to Iterable’s customers and any internet users that visit the websites, applications or other features offered by Iterable’s customers (collectively, “Customer Sites”).

Please read this Privacy Policy carefully. Any order forms or additional agreements to which users and customers agree, governing the provision of Iterable features, shall take precedence over the terms of this Privacy Policy and to the extent of any differences.

COLLECTION OF INFORMATION FROM CUSTOMER SITE END USERS

INFORMATION COLLECTED BY ITERABLE

In the course of providing the Services to our customers, Iterable collects both non-PII and PII about end users of Customer Sites. Iterable will not collect your password for any Customer Site or credit card information you have supplied to any Customer Site. We do not purchase or receive information about you from third parties (other than our customers).

Iterable also collects non-PII from Customer Sites you visit, including the following types of data:

Standard Data – common information found in every communication sent over the internet. Using this information, Iterable can infer information such as browser type (e.g., Google Chrome, Apple Safari); operating system (e.g,. Apple macOS or Microsoft Windows); browser language (e.g., Javascript); and internet service provider (e.g., AT&T or ComCast).

Clickstream Data – Iterable can infer how you use our Customer Sites and various pages on the internet.

COOKIES

Cookies are alphanumeric identifiers transferred to your computer’s hard drive through your Web browser to enable our systems to recognize your browser, tell us how and when pages on our Site are visited and by how many people. Like most internet sites, Iterable uses cookies to enhance our users’ and customers’ experience on the internet. These cookies do not collect PII, and we do not combine information collected to obtain additional PII.

Most browsers allow you to prevent new cookies from being accepted, to be notified when you receive a new cookie, or to disable cookies.

DATA RETENTION

Cookies set on behalf of Iterable expire after three years and the expiration date updates every time you encounter our server.

CONSUMER CHOICE AND ACCESS

The process for individual internet users to review and/or request changes to their PII collected by Iterable is outlined in the Additional Policies section below.

COLLECTION OF INFORMATION FROM ITERABLE CUSTOMERS

This section describes our policies for end users of the Iterable Site and Services, Iterable customers, and corporate partners.

INFORMATION YOU PROVIDE TO US

We receive and store any information you enter on the Site, through the Services or provide to us in any other way, with your consent. You have the option not to provide us with certain information. We use PII provided by you for such purposes as responding to your Service requests, customizing your content, communicating with you about our products and marketing our Services to you.

Further information may be required if you choose to purchase paid components of the Services, such as billing information. Iterable uses third party partners, Stripe and Zuora, for credit card processing which may require and store your billing information.

AUTOMATIC INFORMATION

We receive and store certain types of information whenever you interact with us. Iterable automatically receives and records “traffic data” on our server logs from your computer, including your geographical location and Internet Protocol (“IP”) address, Iterable cookie information, and pages you request. Iterable uses this traffic data to analyze trends and administer the Site. Our service automatically collects usage information, such as the frequency of visitors to our Site and their components. This data is only used in the aggregate. This type of collective data enables us to figure out how often users utilize different parts of the Site and Services.

E-MAIL COMMUNICATIONS

Customers may be contacted via email regarding the Iterable Service or Site. For any requests or inquiries made through the Iterable Support Center, a record of information you provide will be retained in our response message(s). Additionally, we may receive a confirmation when you open an email from us.

COOKIES

Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your Web browser to enable our systems to recognize your browser, tell us how and when pages in our Site are visited and by how many people. Iterable.com cookies do not collect PII, and do not combine information collected through cookies to obtain PII.

SHARING OF PII BY ITERABLE

This section describes our policies for sharing PII received from either Customer Site end users or Iterable end users or customers.

We neither rent nor sell PII to anyone. Except as provided for in any additional agreement you enter into with Iterable, we share your personal information only as described below:

THIRD PARTY USE OF PII

Iterable may engage third party companies or individuals to provide the Services. In doing so, we may share PII for the following reasons; billing, processing payments, providing marketing assistance and customer service. These third party companies and individuals provide the same level of privacy protection as Iterable. Additionally, these third parties do not have any right to use PII collected from our Site or Services, beyond what is necessary to assist us.

PROMOTIONAL OFFERS

We may send offers to our customers on behalf of other businesses or provide our customers with the opportunity to notify end users directly of promotions by text message or e-mail.

BUSINESS TRANSFERS

If Iterable, or substantially all of its assets, were acquired, PII would be an asset that is reviewed and transferred. You acknowledge that such transfers may occur, and that any acquirer of Iterable may continue to use your PII as set forth in this policy.

PROTECTION OF ITERABLE AND OTHERS

We may release PII when we, in our sole discretion, believe in good faith that release is necessary or appropriate to comply with the law (including to meet national security or law enforcement requirements), enforce or apply our conditions of use and other agreements, protect the rights, property, or safety of Iterable, our employees, our customers, or others.

ADDITIONAL POLICIES

INFORMATION SECURITY

Your Iterable account information is protected by a password for your privacy and security. Iterable uses Transport Layer Security (“TLS”) to encrypt all data communication over Hypertext Transfer Protocol (“HTTP”), otherwise known as HTTP Secure (“HTTPS”) . Only employees who need personal information to perform a specific job are granted access to it. All Iterable employees are provided regular privacy and security awareness training. While Iterable uses commercially reasonable means to secure your information, we do not guarantee that your PII will not be improperly accessed, disclosed, or destroyed by breach of any of our safeguards.

CONDITIONS OF USE

Your use of the Site and Services and any possible dispute over privacy are subject to this Privacy Policy and our Terms of Service, including limitations on damages, dispute resolution, application of California state law, as well as laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom. Iterable, Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

INTERNATIONAL VISITORS

For end users and Site visitors outside of the United States, please note that any data or PII you enter into the Services or Site will be transferred out of your country and into the United States.

EU-U.S. PRIVACY SHIELD

Iterable certifies that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for any PII submitted to us in participating European countries through the Services. We may also process PII relating to individuals in the EU via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

DATA PROCESSED

We provide the Services so that customers can enable the deployment of email, push notifications, in-app messages, and web push messaging to customers’ users. In providing these Services, Iterable processes data that the customer submits to the Services or instructs us to process on their behalf, in connection with the Services (“Customer Data”).

PURPOSES OF DATA PROCESSING

Iterable processes Customer Data submitted for the purpose of providing the Services to the customer. To fulfill this purpose, we may access Customer Data to prevent or address service or technical problems, to respond to customer support matters, to carry out customer instructions, or in response to contractual requirements with the customer.

THIRD PARTIES WITH WHOM ITERABLE SHARES CUSTOMER DATA

Iterable may use a limited number of third party providers to assist us in providing the Services to customers. As of the date hereof, these third parties provide Infrastructure As a Service (“IaaS”) hosting and Software As a Service (“SaaS”) operations for systems monitoring, data queuing and statistical and scientific activities. These third parties may access, process or store Customer Data in the course of providing these services, but based on our instructions only.

We may receive Customer Data, subject to the Privacy Shield and the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”). Iterable will be liable for all transfers of this Customer Data to a third-party service provider, acting as an agent on our behalf, if both (i) the agent processes the Customer Data in a manner inconsistent with the Privacy Shield and the GDPR, and (ii) we are responsible for the event giving rise to the damage.

RIGHT OF ACCESS

Some international users (including those whose PII is within the scope of the Privacy Shield and the GDPR) have certain legal rights to access their PII stored through the Site and Services. Those users have the ability to obtain a correction, amendment or deletion of that PII by contacting compliance@iterable.com. If you wish to request access to, limit use or to limit disclosure, we will first refer your request to the customer who submitted your PII, and we will support them as needed in responding to your request.

REQUIREMENT TO DISCLOSE

We may disclose PII when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.

PRIVACY COMPLAINTS BY INTERNATIONAL USERS

If you are an international user and believe we maintain your PII within the scope of the Privacy Shield and the GDPR, you may direct any questions or complaints concerning our compliance to compliance@iterable.com or at our mailing address:

DISPUTE RESOLUTION

In compliance with the EU-U.S. Privacy Shield, Iterable commits to resolve complaints regarding your privacy and our collection or use of your PII. European Union citizens with inquiries or complaints regarding this privacy policy should first contact Iterable, Inc. at compliance@iterable.com or by mail at 360 3rd St. Suite 675, San Francisco, CA, 94107.

Iterable has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the ICDR/AAA, operated by the International Centre for Dispute Resolution. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Iterable, please visit the Privacy Shield website for more information and to file a complaint. To learn more about the Privacy Shield program, please visit www.privacyshield.gov.

In the event that a resolution or agreement cannot be reached through the independent dispute resolution mechanism, Iterable commits to binding arbitration at the request of the Subscriber to fully address any complaints.

USE OF ITERABLE BY CHILDREN

Iterable is not intended for children. If you are under 18, you may use the Site and Services only with the supervision of your parent or guardian.

THIRD PARTY SITES

The Site and Services may permit you to link to other websites on the Internet, and other websites may contain links to the Site or Services. These other websites are not under Iterable’s control and Iterable is not responsible for the privacy, security practices or the content of such websites, nor is Iterable liable for any PII data that is transferred.

CHANGES TO THIS PRIVACY POLICY

Iterable may amend this Privacy Policy. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes to our privacy policy, we will notify you by posting an announcement on our Site and via your contact information.

QUESTIONS OR CONCERNS

If you have any questions or concerns regarding privacy at Iterable, please send us a detailed message to compliance@iterable.com or to Iterable, Inc. at 360 3rd St. Suite 675, San Francisco, CA 94107. Your privacy is important to us and we will make every effort to resolve your concerns.